﻿Imports System.Data
Imports System.Data.OleDb
Imports System.Web.Configuration
Imports System.Text.RegularExpressions
Imports System.Web.Security


Partial Class login
    Inherits System.Web.UI.Page
    Protected Sub Page_Load(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.Load
        'check if the user is already logged in, and if so, redirect to home page
        If Page.User.Identity.IsAuthenticated Then
            Response.Redirect("~/home.aspx")
        End If
    End Sub

    Protected Sub button_login_Click(ByVal sender As Object, ByVal e As System.EventArgs) Handles button_login.Click
        Dim myTicket As FormsAuthenticationTicket
        Dim userAccessLevel As Integer
        Dim ID As String
        Dim passwordHash As String
        Dim myConnection = New OleDbConnection()
        myConnection.ConnectionString = WebConfigurationManager.ConnectionStrings("yobboGuitar").ConnectionString
        'declare and instantiate command objects
        Dim myCommand = New OleDbCommand("SELECT ID, userAccessLevel FROM users WHERE userEmailAddress=? AND passwordHash=?")
        myCommand.Parameters.Add(New OleDbParameter("userEmailAddress", Me.textBox_userEmailAddress.Text))
        passwordHash = FormsAuthentication.HashPasswordForStoringInConfigFile(Me.textBox_password.Text, "MD5")
        myCommand.Parameters.Add(New OleDbParameter("passwordHash", passwordHash))
        Try
            'open connection
            myConnection.Open()
            'set connection property of command object
            myCommand.Connection = myConnection
            'declare reader and execute
            Dim myReader As OleDbDataReader
            myReader = myCommand.ExecuteReader
            If myReader.HasRows Then 'the user's login credentials are valid, so check access level
                myReader.Read()
                userAccessLevel = myReader("userAccessLevel")
                ID = myReader("ID")
                If userAccessLevel = 0 Then 'the user is "banned" so redirect to "access denied" page
                    Response.Redirect("~/accessDenied.htm")
                Else
                    'set authentication cookie (to log in the new user); store user ID and access level in the cookie (as comma delineated string)
                    myTicket = New FormsAuthenticationTicket(1, Me.textBox_userEmailAddress.Text, DateTime.Now, DateTime.Now.AddMinutes(60), False, ID & "," & userAccessLevel)
                    Dim myCookie As HttpCookie = New HttpCookie(FormsAuthentication.FormsCookieName, FormsAuthentication.Encrypt(myTicket))
                    Response.Cookies.Add(myCookie)
                    Response.Redirect("~/home.aspx", False)
                End If
            Else 'the user is not authenticated
                Me.div_tryAgainMessage.Visible = True
                Me.button_login.Text = "Try Again"
            End If
            'close connection
            myConnection.Close()
        Catch ex As Exception
            'redirect to error message page
            Response.Redirect("~/error.htm")
        Finally
            myConnection.Close()
        End Try
    End Sub
End Class
